misuzu/public/index.php

196 lines
6 KiB
PHP
Raw Permalink Normal View History

2022-09-13 13:14:49 +00:00
<?php
namespace Misuzu;
use RuntimeException;
use Misuzu\Users\User;
2022-09-13 13:14:49 +00:00
require_once __DIR__ . '/../misuzu.php';
set_exception_handler(function(\Throwable $ex) {
http_response_code(500);
ob_clean();
if(MSZ_DEBUG) {
header('Content-Type: text/plain; charset=utf-8');
echo (string)$ex;
} else {
header('Content-Type: text/html; charset=utf-8');
echo file_get_contents(MSZ_TEMPLATES . '/500.html');
}
exit;
});
// The whole wall of shit before the router setup and dispatch should be worked away
// Lockdown things should be middleware when there's no more legacy files
2022-09-13 13:14:49 +00:00
$request = \Index\Http\HttpRequest::fromRequest();
ob_start();
if(file_exists(MSZ_ROOT . '/.migrating')) {
http_response_code(503);
if(!isset($_GET['_check'])) {
header('Content-Type: text/html; charset=utf-8');
echo file_get_contents(MSZ_TEMPLATES . '/503.html');
}
exit;
}
if(!MSZ_DEBUG) {
$twigCacheDirSfx = GitInfo::hash(true);
if(empty($twigCacheDirSfx))
$twigCacheDirSfx = md5(MSZ_ROOT);
$twigCache = sys_get_temp_dir() . '/msz-tpl-' . $twigCacheDirSfx;
if(!is_dir($twigCache))
mkdir($twigCache, 0775, true);
}
$globals = $cfg->getValues([
['site.name:s', 'Misuzu'],
'site.desc:s',
'site.url:s',
'sockChat.chatPath.normal:s',
'eeprom.path:s',
'eeprom.app:s',
['auth.secret:s', 'meow'],
['csrf.secret:s', 'soup'],
]);
Template::init($msz, $twigCache ?? null, MSZ_DEBUG);
Template::set('globals', [
'site_name' => $globals['site.name'],
'site_description' => $globals['site.desc'],
'site_url' => $globals['site.url'],
'site_chat' => $globals['sockChat.chatPath.normal'],
'eeprom' => [
'path' => $globals['eeprom.path'],
'app' => $globals['eeprom.app'],
],
]);
$mszAssetsInfo = json_decode(file_get_contents(MSZ_ASSETS . '/current.json'));
if(!empty($mszAssetsInfo))
Template::set('assets', $mszAssetsInfo);
unset($mszAssetsInfo);
Template::addPath(MSZ_TEMPLATES);
AuthToken::setSecretKey($globals['auth.secret']);
if(isset($_COOKIE['msz_uid']) && isset($_COOKIE['msz_sid'])) {
$authToken = new AuthToken;
$authToken->setUserId(filter_input(INPUT_COOKIE, 'msz_uid', FILTER_SANITIZE_NUMBER_INT) ?? 0);
$authToken->setSessionToken(filter_input(INPUT_COOKIE, 'msz_sid') ?? '');
if($authToken->isValid())
$authToken->applyCookie(strtotime('1 year'));
AuthToken::nukeCookieLegacy();
}
if(!isset($authToken))
$authToken = AuthToken::unpack(filter_input(INPUT_COOKIE, 'msz_auth') ?? '');
if($authToken->isValid()) {
2023-07-28 20:06:12 +00:00
$sessions = $msz->getSessions();
$authToken->setCurrent();
try {
2023-07-28 20:06:12 +00:00
$sessionInfo = $sessions->getSession(sessionToken: $authToken->getSessionToken());
if($sessionInfo->hasExpired()) {
2023-07-28 20:06:12 +00:00
$sessions->deleteSessions(sessionInfos: $sessionInfo);
} elseif($sessionInfo->getUserId() === (string)$authToken->getUserId()) {
$userInfo = User::byId((int)$sessionInfo->getUserId());
if(!$userInfo->isDeleted()) {
$userInfo->setCurrent();
$userInfo->bumpActivity($_SERVER['REMOTE_ADDR']);
2023-07-28 20:06:12 +00:00
$sessions->updateSession(sessionInfo: $sessionInfo, remoteAddr: $_SERVER['REMOTE_ADDR']);
if($sessionInfo->shouldBumpExpires())
$authToken->applyCookie($sessionInfo->getExpiresTime());
if($authToken->hasImpersonatedUserId()) {
$allowToImpersonate = $userInfo->isSuper();
$impersonatedUserId = $authToken->getImpersonatedUserId();
if(!$allowToImpersonate) {
$allowImpersonateUsers = $cfg->getArray(sprintf('impersonate.allow.u%s', $userInfo->getId()));
$allowToImpersonate = in_array((string)$impersonatedUserId, $allowImpersonateUsers, true);
}
$removeImpersonationData = !$allowToImpersonate;
if($allowToImpersonate) {
$userInfoReal = $userInfo;
try {
$userInfo = User::byId($impersonatedUserId);
} catch(RuntimeException $ex) {
$userInfo = $userInfoReal;
$removeImpersonationData = true;
}
$userInfo->setCurrent();
}
if($removeImpersonationData) {
$authToken->removeImpersonatedUserId();
$authToken->applyCookie();
}
}
}
}
} catch(RuntimeException $ex) {
User::unsetCurrent();
}
if(!User::hasCurrent())
AuthToken::nukeCookie();
}
CSRF::init(
$globals['csrf.secret'],
2023-07-28 20:06:12 +00:00
(User::hasCurrent() ? $authToken->getSessionToken() : $_SERVER['REMOTE_ADDR'])
);
if(!empty($userInfo)) {
Template::set('current_user', $userInfo);
Template::set('current_user_ban_info', $msz->tryGetActiveBan());
}
if(!empty($userInfoReal))
Template::set('current_user_real', $userInfoReal);
$inManageMode = str_starts_with($_SERVER['REQUEST_URI'], '/manage');
$hasManageAccess = User::hasCurrent()
&& !$msz->hasActiveBan()
&& perms_check_user(MSZ_PERMS_GENERAL, User::getCurrent()->getId(), MSZ_PERM_GENERAL_CAN_MANAGE);
Template::set('has_manage_access', $hasManageAccess);
if($inManageMode) {
if(!$hasManageAccess) {
echo render_error(403);
exit;
}
Template::set('manage_menu', manage_get_menu(User::getCurrent()->getId()));
}
$mszRequestPath = $request->getPath();
$mszLegacyPathPrefix = MSZ_PUBLIC . '-legacy/';
$mszLegacyPath = realpath($mszLegacyPathPrefix . $mszRequestPath);
if(!empty($mszLegacyPath) && str_starts_with($mszLegacyPath, $mszLegacyPathPrefix)) {
if(is_dir($mszLegacyPath))
$mszLegacyPath .= '/index.php';
if(is_file($mszLegacyPath)) {
require_once $mszLegacyPath;
return;
}
}
$msz->setUpHttp(str_contains($mszRequestPath, '.php'));
$msz->dispatchHttp($request);